Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

Friday, May 25, 2007

Daily Highlights

KSBI-TV reports that on Wednesday night, May 23, Tulsa, Oklahoma's International Airport came to a standstill when a surge knocked out power; planes sat on the runway while workers drove bags to the front of the airport into the hands of passengers, because the inbound baggage conveyor system did not work. (See item 15)

The Bush administration on Wednesday, May 23, pressed senior Chinese officials to bolster the safety of food exports, a key issue for U.S. consumers after melamine, a chemical used in plastics and fertilizers, surfaced in imported pet food. (See item 20)

Information Technology and Telecommunications Sector

27. May 24, InformationWeek — Philadelphia launches wi-fi access test zone. Philadelphia, PA, has approved a 15-square-mile Wi-Fi test zone. About 5,000 paying customers are expected to sign up by July and 12,000 by the end of the year. Consumers in the 15-square-mile test area can sign up beginning Thursday, May 24. Free access will be offered to city residents and visitors in several designated access areas throughout the city.
Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=199701767

28. May 24, CNET News — Flawed Symantec update cripples Chinese PCs. A Symantec antivirus signature update mistakenly quarantined two critical system files in the Simplified Chinese version of Windows XP last week, crippling PCs throughout China. According to the Chinese Internet Security Response Team (CISRT), users of Norton Antivirus, Norton Internet Security 2007 and Norton 360 who installed an antivirus signature update released by Symantec on May 17 could not reboot their PCs. The update reportedly mistook two Windows system files, "netapi32.dll" and "lsasrv.dll", for the Backdoor.Haxdoo Trojan horse. The two files were subsequently quarantined. CISRT said the flawed Symantec update only affects users of the Simplified Chinese version of Windows XP Service Pack 2 that have been patched with a particular Microsoft software fix available since November 2006. According to Symantec China's Website, affected customers can resolve the problem by initiating another LiveUpdate, if they have not restarted their PCs after installing the flawed update. Systems that have already been restarted can be returned to the previous state by recovering the two system files from the Windows XP disc.
Source: http://news.com.com/Flawed+Symantec+update+cripples+Chinese+PCs/2100-1002_3-6186271.html?tag=cd.lede

30. April 30, Government Accountability Office — GAO-07-368: Information Security: FBI Needs to Address Weaknesses in Critical Network (Letter Report). The Federal Bureau of Investigation (FBI) relies on a critical network to electronically communicate, capture, exchange, and access law enforcement and investigative information. Misuse or interruption of this critical network, or disclosure of the information traversing it, would impair FBI’s ability to fulfill its missions. Effective information security controls are essential for ensuring that information technology resources and information are adequately protected from inadvertent or deliberate misuse, fraudulent use, disclosure, modification, or destruction. GAO was asked to assess information security controls for one of FBI’s critical networks. To assess controls, GAO conducted a vulnerability assessment of the internal network and evaluated the bureau’s information security program associated with the network operating environment. This report summarizes weaknesses in information security controls in one of FBI’s critical networks. GAO recommends several actions to fully implement an information security program. In a separate classified report, GAO makes recommendations to correct specific weaknesses. FBI agreed with many of the recommendations but disagreed with the characterization of risk to its information and noted that it has made significant strides in reducing risks. GAO believes that increased risk remains.
Highlights: http://www.gao.gov/highlights/d07368high.pdf
Source: http://www.gao.gov/cgi-bin/getrpt?GAO-07-368

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"